[SECURITY] [DLA 3673-1] gst-plugins-bad1.0 security update

2023-11-2822:52:14

lists.debian.org

gstreamer plugins

cve-2023-44446

mxf demuxer

debian 10 buster

security update

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Debian LTS Advisory DLA-3673-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
November 28, 2023 https://wiki.debian.org/LTS

Package : gst-plugins-bad1.0
Version : 1.14.4-1+deb10u5
CVE ID : CVE-2023-44446

An issue has been found in gst-plugins-bad1.0, which contains several
GStreamer plugins from the "bad" set.
The issue is related to use-after-free of some pointers within the MXF
demuxer.

For Debian 10 buster, this problem has been fixed in version
1.14.4-1+deb10u5.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian12armhflibgstreamer-opencv1.0-0< 1.22.0-4+deb12u3libgstreamer-opencv1.0-0_1.22.0-4+deb12u3_armhf.deb
Debian11ppc64ellibgstreamer-plugins-bad1.0-0-dbgsym< 1.18.4-3+deb11u3libgstreamer-plugins-bad1.0-0-dbgsym_1.18.4-3+deb11u3_ppc64el.deb
Debian11ppc64elgstreamer1.0-wpe< 1.18.4-3+deb11u3gstreamer1.0-wpe_1.18.4-3+deb11u3_ppc64el.deb
Debian11amd64gstreamer1.0-opencv-dbgsym< 1.18.4-3+deb11u3gstreamer1.0-opencv-dbgsym_1.18.4-3+deb11u3_amd64.deb
Debian12armellibgstreamer-opencv1.0-0< 1.22.0-4+deb12u3libgstreamer-opencv1.0-0_1.22.0-4+deb12u3_armel.deb
Debian12s390xgstreamer1.0-plugins-bad-apps< 1.22.0-4+deb12u3gstreamer1.0-plugins-bad-apps_1.22.0-4+deb12u3_s390x.deb
Debian12allgst-plugins-bad1.0< 1.22.0-4+deb12u3gst-plugins-bad1.0_1.22.0-4+deb12u3_all.deb
Debian10arm64gstreamer1.0-opencv< 1.14.4-1+deb10u5gstreamer1.0-opencv_1.14.4-1+deb10u5_arm64.deb
Debian10i386gstreamer1.0-plugins-bad< 1.14.4-1+deb10u5gstreamer1.0-plugins-bad_1.14.4-1+deb10u5_i386.deb
Debian11s390xgstreamer1.0-plugins-bad-apps-dbgsym< 1.18.4-3+deb11u3gstreamer1.0-plugins-bad-apps-dbgsym_1.18.4-3+deb11u3_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	armhf	libgstreamer-opencv1.0-0	< 1.22.0-4+deb12u3	libgstreamer-opencv1.0-0_1.22.0-4+deb12u3_armhf.deb
Debian	11	ppc64el	libgstreamer-plugins-bad1.0-0-dbgsym	< 1.18.4-3+deb11u3	libgstreamer-plugins-bad1.0-0-dbgsym_1.18.4-3+deb11u3_ppc64el.deb
Debian	11	ppc64el	gstreamer1.0-wpe	< 1.18.4-3+deb11u3	gstreamer1.0-wpe_1.18.4-3+deb11u3_ppc64el.deb
Debian	11	amd64	gstreamer1.0-opencv-dbgsym	< 1.18.4-3+deb11u3	gstreamer1.0-opencv-dbgsym_1.18.4-3+deb11u3_amd64.deb
Debian	12	armel	libgstreamer-opencv1.0-0	< 1.22.0-4+deb12u3	libgstreamer-opencv1.0-0_1.22.0-4+deb12u3_armel.deb
Debian	12	s390x	gstreamer1.0-plugins-bad-apps	< 1.22.0-4+deb12u3	gstreamer1.0-plugins-bad-apps_1.22.0-4+deb12u3_s390x.deb
Debian	12	all	gst-plugins-bad1.0	< 1.22.0-4+deb12u3	gst-plugins-bad1.0_1.22.0-4+deb12u3_all.deb
Debian	10	arm64	gstreamer1.0-opencv	< 1.14.4-1+deb10u5	gstreamer1.0-opencv_1.14.4-1+deb10u5_arm64.deb
Debian	10	i386	gstreamer1.0-plugins-bad	< 1.14.4-1+deb10u5	gstreamer1.0-plugins-bad_1.14.4-1+deb10u5_i386.deb
Debian	11	s390x	gstreamer1.0-plugins-bad-apps-dbgsym	< 1.18.4-3+deb11u3	gstreamer1.0-plugins-bad-apps-dbgsym_1.18.4-3+deb11u3_s390x.deb